Re: guix system vm, QEMU, virtfs, and the security

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: guix system vm, QEMU, virtfs, and the security_model option

From:	Efraim Flashner
Subject:	Re: guix system vm, QEMU, virtfs, and the security_model option
Date:	Sun, 2 Jun 2024 09:55:04 +0300

On Thu, May 30, 2024 at 04:15:33PM +0100, Fabio Natali wrote:
> Hi,
> 
> A quick question re the 'guix system vm' command. When used in
> combination with '--share=/foo=/bar', the command takes advantage of
> QEMU's 'virtfs' option to share a folder between the host and the guest.
> 
> Interestingly, the command makes use of the 'security_model=none'
> option. An alternative, one that I've seen recommended in some QEMU
> docs⁰, would be using 'security_model=mapped-xattr'.
> 
> Is there any particular reason why we're using 'none' instead of
> 'mapped-xattr'?  The reason I'm asking is because I'm struggling with
> some permission issues on a shared folder and I'd have a vague intuition
> (or some hope) that 'mapped-xattr' might be a solution.
> 

It looks like it was set in April 2014, so it may be time to revisit
it and see if changing the security_model works.

-- 
Efraim Flashner   <efraim@flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: guix system vm, QEMU, virtfs, and the security_model option, Efraim Flashner <=
- Re: guix system vm, QEMU, virtfs, and the security_model option, Brian O'Keefe, 2024/06/02
- Re: guix system vm, QEMU, virtfs, and the security_model option, Fabio Natali, 2024/06/05

Next by Date: Remove Package from Gnome Meta-Package
Next by thread: Re: guix system vm, QEMU, virtfs, and the security_model option
Index(es):
- Date
- Thread